Product
medium
advisory
Persistence via Windows Installer (Msiexec)
3 rules 3 TTPsAdversaries may establish persistence by abusing the Windows Installer (msiexec.exe) to create scheduled tasks or modify registry run keys, allowing for malicious code execution upon system startup or user logon.
Windows +21
persistence
defense-evasion
3r
3t
medium
advisory
Potential Masquerading as Communication Apps
2 rules 3 TTPsAttackers may attempt to evade defenses by masquerading malicious processes as legitimate communication applications such as Slack, WebEx, Teams, Discord, RocketChat, Mattermost, WhatsApp, Zoom, Outlook and Thunderbird.
Slack +9
defense-evasion
masquerading
windows
2r
3t
medium
advisory
Masquerading Business Application Installers
2 rules 4 TTPsAttackers masquerade malicious executables as legitimate business application installers to trick users into downloading and executing malware, leveraging defense evasion and initial access techniques.
Elastic Defend +22
masquerading
defense-evasion
initial-access
malware
windows
2r
4t